A bite-size guide to the GDPR

John-Henry Mostyn • 09-27-2017

The New EU General Data Protection Regulation (GDPR) comes into force in May 2018, affecting all firms which store or process data belonging to EU citizens. Even if you’re a small business in the UK’s back and beyond, if you have any customers from Europe, this includes you.

Worryingly, recent data breaches suggest that businesses across Europe are failing to properly prepare. EMW Law, a specialist in the new regulations, estimates that just 29% of businesses have reviewed their practice ahead of the changes. If you’re one of the 71% that haven’t started yet, here’s what you need to know to avoid a potential fine.

Privacy and protection are key

The GDPR sets the expectation that privacy and protection will be at the core of your data systems. It calls for ‘privacy by design’, which means protective measures must be built-in, not bolted on.

If you’re a company whose core work involves large-scale or sensitive data processing, you’ll also have to train up or hire a dedicated Data Protection Officer. It’ll be their responsibility to maintain thorough records and stay in touch with local Data Protection Agencies.

Consent is essential

Under GDPR, all firms must get consent to collect or process customer data. The consent can’t be slipped into the bottom of an email in tiny font or written in incomprehensible legal jargon; it has to be obvious, clear, and explain exactly why you need it.

Adapting to follow this rule could actually be good for your brand. A recent IBM global survey found that 47% of people want more transparency about how their data’s used and 38% expect clearer language. Being more open about your data collection could be a strong move, customer relations-wise.

Clients gain more control

80% of UK consumers view their data as their personal property. GDPR aligns with this sentiment by requiring companies be ready to provide all data to its owner in electronic format, or to erase it on request. Companies must also inform customers of data breaches within 72 hours.

Brexit doesn’t mean a break

44% of UK firms believe Brexit will exempt them from GDPR. The UK government has confirmed they’re wrong. If the UK stays in the EEA, GDPR will still apply to UK citizens. If it does not, businesses will need to meet their standards to trade with EU-based businesses or individuals anyway.

Preparing for GDPR does represent lots of work; at least 12 months according to EMW Law. Failure to comply won’t just risk lost clients. Breaches incur fines of up to 4% of turnover or €20 million (whichever’s highest). Time to crack on.

Social

This website is using cookies, to provide certain functions, personalize content and to analyze the use of this website. We share some of this information with third parties who may combine it with other information that you have provided to them or that they have collected from your use of their services. By clicking accept, you consent to the use of cookies. Further Information (Cookie Policy)